I couldn't find the attribute lastName in the user_attribute table. I did find the following though
COPY idp_mapper_config (idp_mapper_id, value, name) FROM stdin;
9871fac6-80ef-4fed-91d2-01a2fa56fd31    street  user.attribute
9871fac6-80ef-4fed-91d2-01a2fa56fd31    address claim
473e55d3-8266-4507-bc1d-cc3c27d49498    lastName        user.attribute
49a22d17-4dd5-426b-ba02-cbf6b7de6a84    sub     claim
49a22d17-4dd5-426b-ba02-cbf6b7de6a84    firstName       user.attribute

It seems that my mappings ended up in idp_mapper_config. My mappings are:
lastName: preferred_username
firstName: sub
street: address

This was the JSON response from the OID backend. The interesting thing is that Keycloak maps "name" from the OID backend to firstName.
{"sub":"Christine Chapel","name":"","position":"","preferred_username":"Christine Chapel","address":"Nurse, USS Enterprise"}

Does it mean that Keycloak doesn't support mapping to the UserModel?


Thanks!
Eugene

On 14/7/2015 9:26 PM, Marek Posolda wrote:
From looking at the code, it seems that we don't support mapping to UserModel properties (ie. firstName, lastName, email) but just custom attributes. Could you check your database if there is attribute "lastName" in USER_ATTRIBUTE table for this user? If it's the case, then it means that mapper added custom attribute "lastName" instead of the java property "lastName" from user model . Then feel free to create JIRA to support mapping to UserModel properties as well .

Marek

On 14.7.2015 13:19, Eugene Chow wrote:
Hi Marek,

I managed to set up the logger. Thanks! This is the configuration to dump the userinfo JSON response in the log file and the console.
        <subsystem xmlns="urn:jboss:domain:logging:3.0">
            <console-handler name="CONSOLE">
                <level name="DEBUG"/>
                <formatter>
                    <named-formatter name="COLOR-PATTERN"/>
                </formatter>
            </console-handler>
            <logger category="org.keycloak.social.user_profile_dump">
                <level name="DEBUG"/>
            </logger>
...

I have another problem, which is to map the userinfo from the custom OpenID Connect backend. Upon login, it returns this JSON response:
{"sub":"Christine Chapel","name":"","position":"","preferred_username":"Christine Chapel","address":"Nurse, USS Enterprise"}

I’m trying to map preferred_username to the Last Name field. I tried to map this field, and also sub and address, but all without success:
Name: Fullname
Mapper Type: Attribute Importer
Claim: preferred_username
User Attribute Name: lastName

Is there a specific Claim or User Attribute Name that I need to use for the mapping to work?


Cheers!

On 14 Jul 2015, at 14:59, Eugene Chow <eugene.chow.ct@gmail.com> wrote:

Hi Marek,

Thanks for the heads up. I’ll give it a shot.

Eugene

On 14 Jul 2015, at 14:53, Marek Posolda <mposolda@redhat.com> wrote:

Hi,

do you have opportunity to upgrade to latest 1.3.1.Final? It seems that this logging was added in this version and is not yet available in 1.2.0.

Marek

On 14.7.2015 07:59, Eugene Chow wrote:
Hi Stian/Marek,

Can you please advise on the following? I used the instructions from this page - http://keycloak.github.io/docs/userguide/html/identity-broker.html#d4e1954. I’m not sure if I have included it in the correct location as it doesn’t work.

I need this to debug the JSON response from a custom OpenID Connect backend.


Thanks a lot!
Eugene

On 13 Jul 2015, at 17:20, Eugene Chow <eugene.chow.ct@gmail.com> wrote:

Hi,

i have a Keycloak 1.2.0 installation that authenticates against a custom OpenID Connect provider. I need to see the JSON response from the social provider. The documentation says to set org.keycloak.social.user_profile_dump to DEBUG.

I’ve added the following to standalone.xml as such, but I don’t see any JSON output in the log. Is this configuration correct?

   <profile>
       <subsystem xmlns="urn:jboss:domain:logging:2.0”>
           <logger category="org.keycloak.social.user_profile_dump">
               <level name="DEBUG"/>
           </logger>

...
   </profile>


Thanks!
Eugene



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user